NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

Tagit446's avatar
Tagit446
Tutor
Feb 24, 2021

New to VLAN's - Need help setting up GS105Ev2 in 802.1Q Advanced configuration

Hi, I recently purchased a GS105Ev2 to isolate an NVR sercurity cam system by using VLANS. I am having trouble trying to understand what should be tagged, untagged, and blank on the web gui VLAN mem...
schumaku's avatar
schumaku
Guru - Experienced User
Feb 25, 2021

Amazing people always challenge in the switch community about much more complex things like security appliances than what the simple VLAN capable switch do serve for...

 

There is no reason to delete the VLAN 1. K.I.S.S. - the "problem" often read about the default VLAN was caused decades ago by a major vendor where the was not configureable on the ports and LAGs causing mess and security issues.

 

Keep your main network on the VLAN 1, and add 802.1q VLAN(s) for additional networks - which are by definiton isolated networks, permitting a correct configuration.

 

Case A. Each port connecting to the security appliance, VLAN/multi-SSDI capable access points, systems operatiing VMs an contaners requiring access to mutiple networks must be configured like this - create as many VLAN xxx as you want:

 

  1. VLAN 1, [U]ntagged, PVID 1 ... this makes the normal network running, and applies also to ports where you want to connect computers, printers, and whatever has access to the main network. The switch will send any untagged frames incoming to the VLAN 1 (this is what the PVID 1 is for), and send frames from the VLAN 1 out untagged to the connected device.
  2. VLAN xxxx, [T]agged.  ...this makes up the port to become a trunk port by adding the additional 802.1q tagged network - to send and receive VLAN xxxx tagged frames from/to the VLAN xxxx.
  3. Double check the port(s) are set to allow tagged and untagged (both) packets/frames if the witch is supporting.

Case B. In case you like to make a switch port assigned to a edicated VLAN (and only then!) use this:

 

  1. VLAN xxxx, [U]ntagged, PVID xxxx ... this makes the port being an access port for the VLAN xxxx. The switch will send any untagged frames incoming to the VLAN xxxx (this is what the PVID xxx is for), and send frames from the VLAN xxxx out untagged to the connected device.
  2. Untick any other [U]ntagged of [T]agged VLAN membrships, specifically the VLAN 1 which is by default an untagged member.
  3. Allow only untagged packets/frames if the switch does support.

As simple as this.

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More